﻿using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace Ipmce.RemoteVoting.Common.Tools.Wcf
{
	public class CertificateIssuerCnValidator : X509CertificateValidator
	{
		private readonly string _issuerCnName;

		public CertificateIssuerCnValidator(string issuerCnName)
		{
			_issuerCnName = issuerCnName;
		}

		public override void Validate(X509Certificate2 certificate)
		{
			// Check that there is a certificate.
			if (certificate == null)
			{
				throw new ArgumentNullException("certificate");
			}

			// Check that the certificate issuer matches the configured issuer.
			if (_issuerCnName != certificate.IssuerName.Name)
			{
				throw new SecurityTokenValidationException
				  ("Certificate was not issued by a trusted issuer");
			}
		}
	}
}
